ME Analyzer 1.42.0 released

January 14, 2018 ~ hucktech ~ Leave a comment

ME Analyzer v1.42.0 is out! Quite a big update. Added support for CSME 12.0, CSE Layout Table (LT) v1.6 – v1.7, BPDT v2 – v3, FPT v2.1 & CSE Extensions 17, 22 & 20 R2. Improved CSE Ext 3, 14, 15, 16 & 20 R1. Added CSE unpacking of CSE LT, BPDT, FPT, UTOK UTFL & Instance ID info. pic.twitter.com/xNlW7GLGEt

— Plato Mavropoulos (@platomaniac) January 13, 2018

Added FPT, BPDT & CSE LT partition overlap check. Also CSE partition Size, Hash, OEM/FIT config & Out of Bounds module detection. Improved CPD entry count and ME 8+ FPT & BPDT entry display (-dfpt). Fixed bugs at CSE unpacking, S-BPDT & Manifest detection. https://t.co/Snttp8fULE pic.twitter.com/i4O0shtBs0

— Plato Mavropoulos (@platomaniac) January 13, 2018

https://github.com/platomav/MEAnalyzer

a bit more on Spectre and Meltdown

January 13, 2018January 18, 2018 ~ hucktech ~ Leave a comment

https://developer.arm.com/support/security-update

https://www.op-tee.org/security-advisories/

https://newsroom.intel.com/

American Megatrends Statement in Response to “Meltdown” and “Spectre” Security Vulnerabilities: https://t.co/dIFTJoN4Ms pic.twitter.com/iVO7FJ0MTI

— AMI (@AMI_PR) January 12, 2018

https://ami.com/en/news/press-releases/american-megatrends-statement-in-response-to-meltdown-and-spectre-security-vulnerabilities/

**IMPORTANT** – Intel just notified VMware of faulty microcode updates for certain Haswell/Broadwell CPUs.

Please see https://t.co/Wgl5Sjghto for affected systems & “tmp” workaround for those who’ve applied microcode update until new updates are available from Intel

/2

— William Lam (@lamw.bsky.social | @lamw@vmst.io) (@lamw) January 13, 2018

https://kb.vmware.com/s/article/52345

F*ck, I can barely believe that I was able to read non-cached data from other process efficiently. Removed iteration and issued flush on secret. Thanks @misc0110, @aionescu for all the tips. Not releasing it or somebody could definitely set the world on fire with this! #meltdown pic.twitter.com/eHYaxnbEAo

— Raph Carvalho (@raphael_scarv) January 13, 2018

https://twitter.com/aionescu/status/952014225714511872

Still ticked off that FreeBSD wasn't given earlier notice. In fact much later than Linux patches were already visible to the public. FreeBSD is a major OS, especially if you count appliances. They have a proper security officer just like the other players.

— Martin Cracauer (@MartinCracauer) January 11, 2018

https://twitter.com/josephfcox/status/952107644076118017

https://twitter.com/revskills/status/951934905319133185

NCC Group releases Cachegrab, tool for trace-driven cache attacks against ARMv8 TrustZone

January 13, 2018 ~ hucktech ~ Leave a comment

34C3 Tool Release: Cachegrab for TrustZone https://t.co/27UOEQIIew

— Nicolas Krassas (@Dinosn) January 12, 2018

34C3 Tool Release: Cachegrab

Today, NCC Group is releasing Cachegrab, a tool designed to help perform and visualize trace-driven cache attacks against software in the secure world of TrustZone-enabled ARMv8 cores. These cache attacks, as well as other microarchitectural attacks on secure computing environments, were presented at the 34th Chaos Communication Congress. There are two key properties of many TrustZone implementations that make the attacks within Cachegrab feasible. First, the secure world and non-secure world often share the caches within a processor. This means that when software executes in the secure world, it affects the presence or absence of non-secure world entries within the shared cache. Second, privileged users in the non-secure world are able to use privileged instructions to interleave attacker and victim processes, as well as determine what non-secure data has been evicted from the cache.[…]

https://github.com/nccgroup/cachegrab

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/december/34C3-Tool-Release-Cachegrab/

https://events.ccc.de/congress/2017/Fahrplan/events/8950.html

ExploitLab’s DVAR – Damn Vulnerable ARM Router

January 13, 2018January 13, 2018 ~ hucktech ~ Leave a comment

Announcing #DVAR – Damn Vulnerable ARM Router – a beginner's exercise for the #ARM #IoT #ExploitLab.

Download: https://t.co/gEog3jegSm

Pairs perfectly with @Fox0x01 ARM Tutorials https://t.co/FEDk8hGG4q

Wish you all a happy 2018, lot of PC=0x41414140 and many ARM shells! pic.twitter.com/RFv79Y6n1h

— 🐘 @therealsaumil@infosec.exchange (@therealsaumil) January 13, 2018

http://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html

io386: tool wrapping around ioperm(2), iopl(2), outb(b), etc.

January 13, 2018 ~ hucktech ~ Leave a comment

io386: https://t.co/HQVR0k7jVJ We're using it for perform I/O ops e.g: trigger the SMIs handlers on small GNU/Linux systems since #chipsec has more complicated dependencies.

— Hardened-GNU/Linux (@hardenedlinux) January 13, 2018

Introduction: A command line tool wrapping around ioperm(2) iopl(2) outb(2), etc.
Where it is needed: Designed for Linux-as-bootloader-payload schemes like Heads, in order to perform low-level IO operations, e.g. triggering SMIs.

https://github.com/hardenedlinux/io386

Apple updates security guide

January 13, 2018 ~ hucktech ~ Leave a comment

Apple has updated their security guide to cover changes in iOS 11, new iPhones, Face ID, and Apple Pay Cash at https://t.co/DU8FojKnms Here are some highlights

— Jay Little (@computerality) January 12, 2018

Click to access iOS_Security_Guide.pdf

a bit more on AMD PSP vuln

January 12, 2018 ~ hucktech ~ 1 Comment

No CVE(s) from US-CERT/NIST/MITRE/NVD.
No AMD tracking id or public response from AMD.
No response from AMD support on the below question on their support forums.

AFAICT, AMD does not have a security advisories page, just occasional announcements on the main PR site. Intel does. Then again, AFAICT, neither does ARM.

Researcher clarifies original statement a bit:

http://seclists.org/fulldisclosure/2018/Jan/21

“I would like to clarify that here “remote” means remote code execution on
the TPM component. To mount the attack, local host access is still required.
Sorry if it caused any confusion.”

A code exec bug in AMD PSP module implementing TPM. PSP is similar to #IntelME. Key Qs:
1. Does PSP/fTPM have access to host memory?
2. How well is fTPM module isolated from the rest of the PSP?
3. How asynchronous is PSP execution with regards to the host? https://t.co/cSD1lzt3Kb

— Joanna Rutkowska (@rootkovska) January 8, 2018

https://community.amd.com/thread/224328

https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/

http://www.amd.com/en/technologies/security

Intel updates microcode for Linux

January 12, 2018 ~ hucktech ~ 1 Comment

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
https://downloadcenter.intel.com/product/873/Processors
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886367#17
https://www.dragonflydigest.com/2018/01/09/20710.html
https://launchpad.net/ubuntu/+source/intel-microcode/3.20180108.0~ubuntu16.04.2
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1742364
http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/

see-also:

Update: the Intel, AMD & VIA CPU Microcode Repositories are now found at Github. https://t.co/xDIvoVxiW5

— Plato Mavropoulos (@platomaniac) January 10, 2018

https://github.com/platomav/CPUMicrocodes

http://inertiawar.com/microcode/

https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/

https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#summary

https://firmwaresecurity.com/tag/microcode/

https://news.ycombinator.com/item?id=16111433

more on Spectre/Meltdown

January 12, 2018January 18, 2018 ~ hucktech ~ Leave a comment

An update on AMD processor security from Mark Papermaster, Senior Vice President and Chief Technology Officer. https://t.co/jpWXWdcyrQ

— AMD (@AMD) January 11, 2018

https://www.amd.com/en/corporate/speculative-execution?sf178974629=1

Updates for Microsoft #Surface Devices. These updates include updated Surface UEFI firmware to address potential security vulnerabilities, including Microsoft security advisory 180002 #Meltdown #Spectre https://t.co/IZoztC19CJ

— Francesco Molfese (@FrancescoMolf) January 10, 2018

https://blogs.technet.microsoft.com/surface/2018/01/10/updates-for-surface-devices-09-january-2018/

Intel says patches can cause reboot problems in old chips https://t.co/E53NGGb0xG via @InfoSecHotSpot

— Sean Harris (@InfoSecHotSpot) January 12, 2018

https://news.hitb.org/content/intel-says-patches-can-cause-reboot-problems-old-chips

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

https://twitter.com/aionescu/status/949090063920504833

Interview with Anders Fogh: https://t.co/Jj8Jf42c9v

— Halvar Flake (@halvarflake) January 11, 2018

The research of @anders_fogh laid the ground for what is considered the worsest vulnerability in computer history. We asked him some questions about #Meltdown and #Spectre https://t.co/AK3Arhwi82

— Ralf Benzmüller (@rb_gdata) January 11, 2018

https://www.gdatasoftware.com/blog/2018/01/30333-inside-meltdown-spectre

http://nymag.com/selectall/2018/01/why-it-took-22-years-to-discover-fundamental-chip-flaw.html

https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

F-Secure: new Intel AMT security issue

January 12, 2018 ~ hucktech ~ Leave a comment

NEW RESEARCH: Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptopshttps://t.co/gYJrFoyxL1 https://t.co/Z8oJhpoBc7

— WithSecure™ (@WithSecure) January 12, 2018

https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/

Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.

Helsinki, Finland – January 12, 2018: F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The security issue “is almost deceptively simple to exploit, but it has incredible destructive potential,” said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. “In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”[…]

ARM assembly resources from Azeria Labs

January 10, 2018 ~ hucktech ~ Leave a comment

Exactly. Here’s all you need to get started with Arm assembly:

Assembly Basics: https://t.co/N9UWzkTH3i

Readymade Lab VM: https://t.co/vuDtWsXCse

Cute Vulnerable Binaries: https://t.co/w1etsn8j1w

GDB Cheat Seet: https://t.co/k3DB0J2EKe https://t.co/IOgwWQA9Ur

— Azeria (@Fox0x01) January 7, 2018

To make it a little easier for you to get started with ARM exploitation, I compiled some small buffer overflow challenges to play around with and created a quick guide. All you need to do is follow the instructions and start tinkering around. Have fun 🖤 https://t.co/w1etsn8j1w pic.twitter.com/CuPvINKN0c

— Azeria (@Fox0x01) November 27, 2017

Writing ARM Assembly (Part 1)

ARM Lab (VM)

Part 3: Stack Overflow Challenges

Debugging with GDB Introduction

more on Spectre and Meltdown

January 10, 2018January 18, 2018 ~ hucktech ~ Leave a comment

https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities
https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom

Thoughts on Meltdown & Spectre

Yes, privsec _within_ ME, exactly this!

Remember ME's Dynamically Loaded Applications (DAL)? They are essentially JVM for semi-untrusted code (provided by 3rd parties) – how about trying Meltdown/Spectre from there to steal secrets from the ME's TCB? https://t.co/8rDUkp3V1O

— Joanna Rutkowska (@rootkovska) January 10, 2018

Also, since Intel essentially controls the whole toolchain (i.e. the compiler) for building SGX enclaves, I expect SGX code will be first to get protection against Specre attacks, and best coverage also…?

/cc @lavados @tehjh @misc0110 @anders_fogh

— Joanna Rutkowska (@rootkovska) January 10, 2018

Awesome demo of #Meltdown and how it is mitigated in CentOS 7 #kpti #KAISER https://t.co/w0QwiGtknC

— Daniel Gruss (@lavados) January 10, 2018

This video shows a #Meltdown attack on *uncached* data. The data is not in L1, not in L2, and not in L3 cache. That's what clflush does, it throws the data out of all caches. #Meltdown exploits a race condition and even for uncached data this race can be won. https://t.co/W2CQRS9zmt

— Daniel Gruss (@lavados) January 10, 2018

DBXtool has support for Microsoft dbxupdate.bin

January 9, 2018 ~ hucktech ~ Leave a comment

DBXtool[1] is a tool by Peter Jones of Red Hat. So it works with Fedora, and perhaps other versions of Linux. It is an interesting tool in that it is one of the few tools that look at the UEFI SecureBoot PKI list of blacklisted keys, that UEFI Forum occassionally updates[2]. Last year there was the Microsoft leaks Golden Keys” story, which was overblown, watch Jeremiah’s video on Youtube from the Fall 2016 UEFI Plugfest for more details. I just noticed that DBXtool has support[3] for a dbxupdate.bin file from Microsoft, separate from the UEFI.org-hosted DBX file, related to this Microsoft Golden Keys incident.

Peter’s comment from that checkin:

Add a new dbxupdate.bin
This is the dbxupdate.bin referenced in CVE-2016-3320 and
https://support.microsoft.com/en-us/kb/3179577
It’s for their bootloaders, not ours.

[1] https://github.com/rhboot/dbxtool
https://github.com/rhboot/dbxtool/commits/master
[2] http://uefi.org/revocationlistfile
http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
[3] https://github.com/rhboot/dbxtool/commit/1e9334f1287c4703e7dfb40121e00d16d109e903
https://support.microsoft.com/en-us/kb/3179577
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-100
https://support.microsoft.com/en-us/help/3172729/ms16-100-description-of-the-security-update-for-secure-boot-august-9

more on Microsoft UEFI Secure Boot golden key news

Microsoft UEFI Secure Boot key problem

WordPress mangles Github Gist URLs, so remove the spaces from the next URL to make it work:
https://gist. github.com/acepace/ df34b5213f1e0fae6529eb703d947187

Some more background on UEFI SB DBX:
https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html
https://habrahabr.ru/post/273497/
https://translate.google.com/translate?hl=en&sl=ru&u=https://habrahabr.ru/post/273497/&prev=search (English translation above Russian document)
https://blog.fpmurphy.com/2012/11/list-secure-boot-certificates.html
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance

The Meaning of all the UEFI Keys

http://www.linuxjournal.com/content/take-control-your-pc-uefi-secure-boot
https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Configuring_Secure_Boot
https://www.insyde.com/press_news/blog/uefi-24-review-part-13-hash-certificates-used-secure-boot-revocation
https://lwn.net/Articles/706610/
http://wiki.osdev.org/UEFI#Secure_Boot

Besides Peter’s DBXtool, I’m not aware of many other tools that use the DBX file. There’s this PowerShell script:
Again, WordPress mangles Gist URLs, remove spaces to make this work:
https://gist. github.com/mattifestation/ 991a0bea355ec1dc19402cef1b0e3b6f

I wish I could point to a tool avaialble in each OS/distro that your firmware has the latest blacklist applied…

PS: Peter also works on the Shim. And he’s updated his canary:
https://blog.uncooperative.org/blog/2018/01/08/shim-info/
https://blog.uncooperative.org/shim-info-2018-01-08.txt.asc

more on Meltdown and Spectre

January 9, 2018January 18, 2018 ~ hucktech ~ Leave a comment

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Releasing our PoC implementations for #Meltdown – https://t.co/M99UwQ1XhS – More to follow /cc @misc0110 @lavados @StefanMangard #intelbug #kaiser #kpti

— Moritz Lipp (@mlqxyz) January 9, 2018

https://github.com/iaik/meltdown

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance https://t.co/jZWEuaJATS

— CISA Cyber (@CISACyber) January 4, 2018

I just posted some initial work into detecting Spectre, Meltdown, and cache side channels attacks using hardware performance counters. https://t.co/iYCbsjfZ1w

— codypierce (@codypierce) January 8, 2018

https://www.endgame.com/blog/technical-blog/detecting-spectre-and-meltdown-using-hardware-performance-counters

meltdown-poc
A PoC implementation of the meltdown attack described in https://t.co/cfaeKowR78 by @ReleasePreview
Repohttps://t.co/rrJtQpHK3p pic.twitter.com/yzhBHuLLCk

— Florian Roth (@cyb3rops) January 8, 2018

https://github.com/GitMirar/meltdown-poc/blob/master/README.md

CPU vulnerability guidance for Azure customers https://t.co/3UWD2neW5M

— Azure Support (@AzureSupport) January 4, 2018

Securing Azure customers from CPU vulnerability

P. Kocher et al., “Spectre Attacks: Exploiting Speculative Execution” (arXiv version) https://t.co/7yZmjTnpI8

— Arrigo Triulzi (@cynicalsecurity) January 9, 2018

M. Lipp et al., “Meltdown” (yes, this is the arXiv version of the Meltdown vulnerability paper) https://t.co/N0n7JPljev

— Arrigo Triulzi (@cynicalsecurity) January 9, 2018

An Explanation of the #Meltdown & #Spectre Bugs for a Non-Technical Audience – https://t.co/MD2roxbfqj pic.twitter.com/Z9JVNzWjkw

— Cloudflare (@Cloudflare) January 8, 2018

https://blog.cloudflare.com/meltdown-spectre-non-technical/

https://twitter.com/aionescu/status/949732198118080513

https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050

Verifying Spectre / Meltdown protections remotelyhttps://t.co/2lnakXrERS

In this post we will take a look at the SpeculationControl PowerShell module that was recently released by the Microsoft Security Response Center to help with verifying Spectre / Meltdown protections.

— Ralph Kyttle (@ralphkyt) January 5, 2018

https://blogs.technet.microsoft.com/ralphkyttle/2018/01/05/verifying-spectre-meltdown-protections-remotely/

https://www.powershellgallery.com/packages/SpeculationControl/1.0.3

A lot of VMs are experience a higher-than-expected performance hit with the Meltdown patch. That's simply because PCID is turned off:https://t.co/iWQqghyaDQ

— Robᵉʳᵗ Graham 𝕏 (@ErrataRob) January 8, 2018

https://github.com/ionescu007/SpecuCheck/releases

https://twitter.com/aionescu/status/948954595358752768

https://github.com/lgeek/spec_poc_arm

https://github.com/Viralmaniar/In-Spectre-Meltdown

https://twitter.com/daniel_bilar/status/950332477800898561

https://mspoweruser.com/hp-reportedly-starting-release-bios-fixes-meltdown-spectr-flaws/

https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU

Intel MeshCommander (AMT tool): now available for Mac and Linux (not just Windows)

January 9, 2018 ~ hucktech ~ Leave a comment

Meshcommander is an Intel AMT tool from Intel. Previously, I thought it was a Windows-only thing, but the current release has Linux and Mac support as well as Windows!

https://software.intel.com/en-us/blogs/2018/01/08/meshcommander-for-npm-linux-osx-windows

http://www.meshcommander.com/meshcentral2

http://www.meshcommander.com/meshcommander

https://www.npmjs.com/package/meshcommander

microcode

January 8, 2018January 9, 2018 ~ hucktech ~ 1 Comment

[Someone just asked me a microcode question, I was digging up some pointers to a microcode tool for someone, ended up cleaning out my browser’s microcode-related bookmarks, and thought I mine as well post a blog entry of the links…]

Intel, AMD & VIA CPU Microcode Repositories! A community assisted project aimed to collect all the latest PRD CPU microcodes since 1995 from the three main vendors in order to help people understand what they need to update, to research how they work etc. https://t.co/WtdUWtVoEi

— Plato Mavropoulos (@platomaniac) January 6, 2018

https://github.com/platomav/MCExtractor
https://www.win-raid.com/t3355f47-Intel-AMD-amp-VIA-CPU-Microcode-Repositories.html#msg45883

https://github.com/RUB-SysSec/Microcode
http://syssec.rub.de/research/publications/microcode-reversing/
see below video:

https://github.com/torvalds/linux/blob/master/Documentation/x86/microcode.txt
https://github.com/torvalds/linux/tree/master/arch/x86/kernel/cpu/microcode

https://community.amd.com/thread/216246
https://en.wikipedia.org/wiki/Microcode
https://linux.die.net/man/8/microcode_ctl
http://manpages.ubuntu.com/manpages/zesty/man8/iucode_tool.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/microcode_ctl.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/update-intel-microcode.8.html
https://askubuntu.com/questions/545925/how-to-update-intel-microcode-properly

How to update CPU microcode in Linux

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/firmware.html

Updating microcodes

https://support.mozilla.org/en-US/kb/microcode-update
https://lists.debian.org/debian-security/2016/03/msg00084.html

https://wiki.debian.org/Microcode
https://wiki.gentoo.org/wiki/Intel_microcode
https://wiki.archlinux.org/index.php/microcode

http://blog.fpmurphy.com/2016/12/python-3-utilities-for-parsing-intel-microcode.html

Everything you want to know about x86 microcode, but might have been afraid to askhttps://t.co/CQrtJoVL1q https://t.co/yq2fKADJ7r
Slides: https://t.co/P7HAP9cnmB https://t.co/bTF9ifKb8Z
Benjamin Kollenda & Philipp Koppe #34C3

— Matt (@matt_dz) December 29, 2017

AMD Updates Programmer’s Manual

January 8, 2018 ~ hucktech ~ Leave a comment

AMD64 Architecture
Programmer’s Manual
Volume 2:
System Programming

Revision Date: December 2017

Click to access 24593.pdf

Here’s the complete changelog for this update:

Modified Sections 7.10.1 and 7.10.4.
Modified Sections 15.34.1, 15.34.7.
Added new Section 15.34.10.
Modified Section 15.35.10.
Modified Appendix A, Table A-7.

Not too useful, I wish I could diff PDFs better. I wish the writers would spend a few moments more on the changelog. Here’s the titles of the above sections:

7.10.1 Determining Support for Secure Memory Encryption
7.10.4 Page Table Support
15.34.1 Determining Support for SEV
15.34.7 Restrictions
15.34.10 SEV_STATUS MSR
15.35.10 Control Register Write Traps
Table A-7: Secure Virtual Machine MSRs

Torito C Library

January 8, 2018 ~ hucktech ~ 1 Comment

Joaquin Cono Bolillo has created the Torito C Library, a Standard C Library for UEFI x86-64 target platform for Microsoft Visual Studio 2017.

“torito C Library” is an implementation targeting the ANSI/ISO C Standard Library compatibility to create applications for different operating systems using design –and debug– infrastructure provided by Microsoft Visual Studio 2017 VS2017.

Goal: The “torito C Library” is designed to enable the developer to create Standard C programs for UEFI Shell, Windows NT and Linux (in future releases) running in x86-64 mode. Standard C compliant source code shall be easily portable to operating systems supported by “torito C Library”.

The “torito C Library” shall provide full library compatibility with: ANSI X3.159-1989 (“ANSI C”), ISO/IEC 9899 First edition 1990-12-15 (“C90”), ISO/IEC 9899 First edition 1990-12-15, Amendment 1, 1995-04-01 (“C95”)

Status:
The “torito C Library” is still in state of EVALUATION
Field tests are urgently required.
Feedback is very WELCOME.
A non-EVALUATION-library will be provided for helpful supporters for free.
The functions below are already implemented and carefully tested, every single one of them:

_ModuleEntryPoint, _iob, _setjmp, _snprintf, _vsnprintf, abs, asctime, atexit, atoi, atol, calloc, clearerr, clock, ctime, difftime, div, exit, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fopen, fprintf, fputc, fputs, fread, free, freopen, fscanf, fseek, fsetpos, ftell, fwrite, gets, gmtime, isalnum, isalpha, iscntrl, isdigit, isgraph, islower, isprint, ispunct, isspace, isupper, isxdigit, labs, ldiv, localtime, longjmp, main(argc, argv), malloc, memcmp, memcpy, memmove, memset, mktime, nprintf, perror, printf, putc, putchar, puts, rand, realloc, rewind, scanf, setbuf, setvbuf, snprintf, sprintf, srand, sscanf, strcat, strchr, strcmp, strcpy, strcspn, strefierror, strerror, strftime, strlen, strncat, strncmp, strncpy, strpbrk, strspn, strstr, strtok, strtol, strtoul, swprintf, time, tolower, toupper, ungetc, vfprintf, vfscanf, vprintf, vscanf, vsnprintf, vsprintf, vswprintf, wcscat, wcschr, wcscmp, wcscpy, wcscspn, wcslen, wcsncat, wcsncmp, wcsncpy, wcspbrk, wcsrchr, wcsspn, wcsstr, wcstok, wmemcmp, wmemcpy, wmemmove, wprintf.

https://github.com/JoaquinConoBolillo/torito-C-Library

S3EuroCom seeks firmware security PhD students

January 8, 2018 ~ hucktech ~ Leave a comment

PSA: we (@s3eurecom @aurelsec @balzarot) are looking for state-of-the-art PhD students to work on mobile security, firmware & binary analysis, and similar topics. Details: https://t.co/vpJkhLCAHr Ping us with any questions & spread the word! 🙂

— Yanick Fratantonio (@reyammer@infosec.exchange) (@reyammer) January 8, 2018

Engineer position(s) in firmware analysis
We are looking for a research and software development engineer with experience and interest in software development (python, C…) applied to embedded device firmware analysis. In particular, the project will involve working with Avatar2 and/or Angr. The work will take place at EURECOM and will involve some external collaboration. The candidate is expected to have experience in software development and experience, interest in, or willingness to learn, embedded devices analysis, firmware analysis, reverse engineering. This position is flexible, it may be suitable for a Post doc as well as for a freshly graduated master student. If the collaboration is successful, the position may also be changed to a PhD after one year.

http://www.s3.eurecom.fr/open-positions.html

Defensive firmware talks in Seattle: SASAG and BSides Seattle

January 6, 2018January 6, 2018 ~ hucktech ~ Leave a comment

There are two presentations in Seattle area on firmware security in January and February, in case you’re in the area.

1) On January 11th, PreOS Security CEO Paul English speaking on enterprise firmware defensive tools and techniques, for a SysAdmin target audience, at SASAG, the Seattle Area SysAdmin Guild (monthly user group).

https://www.meetup.com/Seattle-Area-Systems-Administrators-Guild-SASAG/events/246043346/

2) On February 3rd, I’ll be speaking at BSides Seattle, on similar topic, but for a target audience of DFIR/blue teams.

http://www.securitybsides.com/w/page/121128486/BsidesSeattle2018#2018Presentations

Disclaimer: Paul and I both work at PreOS Securty.

http://preossec.com/